Modern computing systems employ a variety of techniques to ensure that malicious, spurious, or other invalid programs do not obtain control over a computer processor. Many processors are designed so that hardware and software can cooperate in efforts to prevent invalid code from being executed by the processor. Many processor designs enable hierarchical domains of protection for accessing the processor and/or other resources. For example, only special programs such as operating systems or hypervisors may be permitted to execute on a processor using the processor's highest-privilege mode (e.g., “ring 0” or a “supervisor” mode). Depending on their assigned level of privilege, various programs may or may not have access to protected resources, such as I/O devices, protected memory regions, memory tables, interrupt disablement, direct access to the processor, images of other virtual machines, or other resources.
Various invalid programs may gain access to restricted resources by executing partial sections of otherwise-privileged code that is present on a computing system. Examples include malicious return-oriented programming (ROP) attacks and jump-oriented programming (JOP) attacks, which may attempt partial execution of privileged code (e.g., by initiating execution at a mid-point in the flow of the code). In various situations, Trojan, worm, virus, or other vectors can introduce malware that initiates execution of sections of privileged code that is already present in a computer's memory. By executing a selected section or sections of the privileged code, the malware may be able to accomplish tasks that would otherwise be denied to the malware.
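The distinction drawn above, between entering privileged code at its intended start and entering it at a mid-point, can be shown as a small check over a trace of control-transfer targets. This is an added example, not part of the original text; the routine names, addresses, table layout, and function names are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed table of privileged routines, sorted by start address.
 * Each routine occupies [start, start + len). Names are hypothetical. */
typedef struct { uint64_t start; uint64_t len; const char *name; } routine_t;
typedef enum { XFER_ENTRY, XFER_MIDPOINT, XFER_OUTSIDE } xfer_class_t;

static const routine_t PRIV_ROUTINES[] = {
    {0x1000, 0x40, "map_page"},
    {0x1040, 0x80, "disable_irq"},
    {0x2000, 0x20, "io_write"},
};
#define N_ROUTINES (sizeof PRIV_ROUTINES / sizeof PRIV_ROUTINES[0])

/* Binary search for the routine whose address range contains target. */
static const routine_t *find_routine(uint64_t target) {
    size_t lo = 0, hi = N_ROUTINES;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        const routine_t *r = &PRIV_ROUTINES[mid];
        if (target < r->start) hi = mid;
        else if (target - r->start >= r->len) lo = mid + 1;
        else return r;
    }
    return NULL;
}

/* A transfer is legitimate only if it lands exactly on a routine's start. */
static xfer_class_t classify_transfer(uint64_t target) {
    const routine_t *r = find_routine(target);
    if (r == NULL) return XFER_OUTSIDE;
    return target == r->start ? XFER_ENTRY : XFER_MIDPOINT;
}

/* Count transfers in a trace that enter privileged code at a mid-point. */
static size_t count_midpoint_entries(const uint64_t *targets, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_transfer(targets[i]) == XFER_MIDPOINT) hits++;
    return hits;
}

int main(void) {
    /* Constructed trace of control-transfer targets. */
    const uint64_t trace[] = {0x1000, 0x1040, 0x1063, 0x2010, 0x3000};
    printf("mid-point entries: %zu\n", count_midpoint_entries(trace, 5));
    return 0;
}
```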